• Firewall NAT / Outbound

    Locked
    0 Votes
    9 Posts
    4k Views
    Your rules appear to be correct. Are you using 1:1 NAT as well, or just port forward?
  • Forwarding traffic to IPSEC ?

    Locked
    0 Votes
    5 Posts
    2k Views
    I moved to a GRE tunnel over IPSEC. Now I have one more interface on pfSense and I can ping the remote side with it from the GUI. I left the GRE interface on "none", I added a gateway for GRE and added a route for the remote LAN subnet. From pfSense box 2 (192.168.201.222), I can ping my web server 192.168.1.6 and from pfSense box 1 (192.168.1.254), I can ping pfSense box 1 (192.168.201.222). I can ping with the GRE IP address (172.31.2.10). But from a server behind pfSense, I can't ping the remote side? Maybe it's a problem with outbound NAT?
  • NAT Reflection Freezing Up - 2.0.1

    Locked
    0 Votes
    10 Posts
    3k Views
    So any way to disable the timeout? I have Bacula server behind pfSense and all the backups (which could very well take even weeks) time out after 2000 seconds when port reflection is used. In a rather old thread http://forum.pfsense.org/index.php/topic,1528.15.html I read that timeout should be set to 0 in order to disable it. I did it, but it does not seem to have any effect.
  • Advanced Proxy Setup

    Locked
    0 Votes
    4 Posts
    3k Views
    marcelloc
    The way I can imagine this setup working is: Internet -> pfsense -> proxy in bridge mode -> lan. Using this way, you create a NAT from WAN to the LAN web server, and your proxy, when online, forwards it to the proxy daemon. You have the option to install squid on pfsense: Internet -> pfsense -> lan
  • Multiple Public IP NAT to multiple webservers

    Locked
    0 Votes
    5 Posts
    3k Views
    bellera
    OK, thanks! I told the Spanish user to re-edit his Virtual IPs. http://forum.pfsense.org/index.php/topic,46586.msg246820.html#msg246820 Regards, Josep Pujadas-Jubany
  • SYN/ACK packet going out wrong interface / comments on complex setup

    Locked
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Simple NAT for Webserver, need help. Have Pics of Settings.

    Locked
    0 Votes
    6 Posts
    2k Views
    No, no, no… I didn't have the Access Point in the allowed IPs for the Captive Portal. Sorry!
  • Where is FTP-Helper?

    Locked
    0 Votes
    6 Posts
    13k Views
    Thanks for this, I found how to have a working configuration on pfSense for my FTP server (on pfSense 2.0.1). First, I still don't know or understand where the FTP-helper is located. Everywhere in the documentation, wiki, tutorials, the FTP-helper is mentioned under Interfaces>WAN, but I could never see it, and it doesn't appear at all in the web interface. I actually lost hours looking for this damn FTP-helper, and I don't know if it still exists in pfSense 2.0. But I guess I got it working without it anyway.

    Let's say my FTP server is on 192.168.0.50 on port 21, using port 20 for ftp-data and ports 5000:5100 as the passive range. It's FileZilla Server, and I configured it to return the public IP address, which let's say is something like 80.2.5.42.

    First, what I did on pfSense was NAT inbound: port forward 20:21 to 192.168.0.50, ports 20:21; port forward 5000:5100 to 192.168.0.50, ports 5000:5100; with the corresponding firewall rules.

    It worked, but not for everybody. Someone couldn't actually connect to the FTP, either in active or passive mode. It worked with the previous firewall we used, but only in active mode. It looks like this guy was working in a place where a firewall was set up, blocking any traffic originating from port>1024 (I guess to block P2P, etc).

    I dumped the packets here on both sides on pfSense (LAN & WAN) and I saw that everything originating from 192.168.0.50:21 was mapped to 80.2.5.42:21, because the TCP session originated from the FTP client on 80.2.5.42:21. But everything that came back from 192.168.0.50:20 was mapped to a random port on 80.2.5.42, and so was blocked by the remote firewall.

    Thanks to this thread, I switched the NAT outbound rule generation to manual and added two rules, one to configure 192.168.0.50:20 as a static port and one to map 192.168.0.50 5000:5100 as static ports too, both rules before the default ones, and it looks to work fine now, for everyone.
  • NAT (Port Forwarding) and web failover

    Locked
    0 Votes
    27 Posts
    9k Views
    I get the same, nothing changes if I select OpenVPN as the interface. I will try to find another solution, as it seems that what I am trying to do is not possible with load balancing. Thanks for your help!
  • CCTV

    Locked
    0 Votes
    6 Posts
    2k Views
    sudo, Have you tried looking at a network trace before?  If you capture a network trace on the WAN while you're trying to connect, you should be able to see if traffic is getting to pfSense (which we expect) and if pfSense is responding to that traffic.  You can do the same on the LAN to see if pfSense is then sending traffic on to your CCTV.  If you need help reading the output, I'd be glad to help.
  • Rule for connecting to ftp server outside network

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: Unable to check for updates

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ip address issue

    Locked
    0 Votes
    9 Posts
    3k Views
    Hello, you're right, I found the problem. The ISP denied DNS resolve from the subnet they routed to me, and I have disabled NAT in pfSense, and then the server used its own IP address, which was in the subnet which is denied by the ISP because that subnet belongs to us now… and before I disabled NAT, the server used the pfSense WAN IP address which the ISP assigned to us, and then it worked because DNS resolve was allowed from that IP address because it belongs to the ISP. The reason why the Linux was OK is that Linux used 127.0.0.1 for DNS lookup; it used its own DNS server for resolve... Thank you again! Tom
  • LAN clients pulling IP's from ISP

    Locked
    0 Votes
    5 Posts
    2k Views
    Cool :D Thanks again
  • Adding another 1:1 NAT address doesn't work for me.

    Locked
    0 Votes
    7 Posts
    2k Views
    Thank you SO VERY much.  I had noticed that the address wasn't in the first line, and I didn't even look at the second line. It works great now!  I can't say enough good things about this product to do it justice!
  • Port forwarding only working to /24 addresses

    Locked
    0 Votes
    7 Posts
    2k Views
    Time to packet capture, start with the LAN on the firewall, filter on the destination host's IP. If you see it leaving there, go to the target server and capture.
  • Outbound NAT Redirection

    Locked
    0 Votes
    2 Posts
    2k Views
    marcelloc
    Did you try to use the squid package with the transparent proxy option? An rdr rule (firewall -> nat) the way you want could be done by setting: Source: not proxy IP; source port: any; destination: any; destination port: 80; Redirect target IP: proxy IP
  • Outbound NAT state disappears after a few hours

    Locked
    0 Votes
    10 Posts
    4k Views
    @cmb: @marcelloc: Multiple sip clients registered to same provider +rtp ports behind firewall isn't a nat trouble? Not as long as you're rewriting the source port on port 5060, as 2.0 and newer do by default. Is it possible to get a walkthrough on this? Or can I find any documentation on how to set this up? I'm not that good on firewalls, so a setup would be handy. In my case I use an external provider and seven Cisco phones on the LAN running through siproxd, and there are constant troubles with the setup, and if I can drop siproxd I think it would be great. Cheers!
  • Multiple static WAN IP

    Locked
    0 Votes
    3 Posts
    2k Views
    Hi podilarius, Thanks for the info, I shall try it out over the next few days and let you know how I got on.
  • Lan access to Https port forward if ssl cert requires gate.domain.com?

    Locked
    0 Votes
    2 Posts
    3k Views
    Yes, it's possible via a port forward entry on LAN to redirect the traffic. You'll also need manual outbound NAT configured to change the source IP to the firewall's IP on that interface, to force the reply traffic back so it can be translated back.